Checklist
AI Incident Response Checklist
Stick this on the wall. When AI goes wrong, the first 60 minutes shape the next 60 days.
Reviewed by Level Up Automate.
TL;DR
First 60 minutes: stop the bleed, preserve evidence, notify leadership.
First 24 hours: facts, scope, communications draft.
First 30 days: root cause, customer comms, never-again note.
First 60 minutes
What the first responder does.
- Pause or disable the affected AI tool.
- Preserve current state — do not delete logs or outputs.
- Notify owner / COO and IT in writing.
- Begin a written timeline of what's known.
First 24 hours
What the team owes leadership.
- Facts: what happened, in 5 sentences.
- Scope: who and what was affected.
- Active state: is the issue still occurring?
- Customer impact: who needs to be told.
- Initial communications draft — plain English.
First 30 days
Closing the loop.
- Customer communications complete.
- Root cause documented in writing.
- Mitigation deployed and verified.
- Never-again note filed with the AI policy.
- Policy or training updated if relevant.
Common questions
Plain-English answers
When do we call counsel?
When regulated personal data was exposed, when a customer threatens litigation, or when a vendor breach with contractual exposure is in play. Otherwise, your insurance broker is the first call.
Related reading
Next step
Want a hand getting this right?
A 30-minute conversation often saves weeks of guessing. We'll talk through your team, your data, and what to do first — no slide deck required.